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DETAILED ACTION 
Response to Arguments 

1 . Applicant's arguments with respect to claims 53 and 77 have been considered 
but are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claim 53-56, 72-74, 77-80,96-98 and 101-104 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Hawkinson (US 6,295, 532) in view of Salkewicz (US 
6,609,153). 

4. With regard to claim 53, Hawkinson discloses a method of managing network 
traffic being routed through a network connection device, the network connection device 
having a first set of operations, the network traffic being composed of at least one data 
packet, and the method comprising: 

(b) receiving a rule program at the network connection device (table set)(Col 13, 
Lines 60-65), the rule program including at least: 
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(i) a first criterion for identifying the traffic flow to which a data packet 
belongs (Col 4, Lines 34-36), 

(ii) a second criterion for classifying a traffic flow as belonging to one of at 
least first (level 1 ) and second traffic flow (level 2) classes (flow class is 
determined) (Col 4, Lines 36-37 and Col 5, Lines 28-30), 

(iii) first and second instructions for processing a data packet, the first and 
second instructions being associated with the first and second flow 
classes respectively (each flow class receives different Qos) (Col 5, Lines 
38-39), 

(d) receiving a first data packet that belongs to the first traffic flow at the network 
connection device (Col 5, Lines 28-30), 

(e) using the first criterion to determine that the first data packet belongs to the 
first traffic flow (Col 5, Lines 28-30), 

(f) using the second criterion to determine the traffic flow class to which the first 
traffic flow belongs (Col 5, Lines 28-30, and 

(g) processing the first data packet according to the instructions associated with 
the flow class to which the first traffic flow belongs (Col 5, Lines 30-41 ). 

Hawkinson fails to specifically disclose instantiating a virtual machine on the 
network connection device, having a set of operations that is a sub-set of the first set of 
operations, executing the rule program to configure the network connection device, and 
managing steps (d) through (g) using the virtual machine. 
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Salkewicz discloses a similar system for managing network traffic using a 
network connection device. Salkewicz teaches instantiating virtual machines on the 
netwoek connection device, each virtual machine having a limited instruction set (each 
machine may be a router, switch, bridge, etc) (Col 11, Lines 7-9), executing a program 
on the virtual machine to configure the network connection device (Col 1 1 , Lines 2-7, 
22-30, and 37-42), and managing traffic with the virtual machine (Col 1 1 , Lines 22-26). 
Using virtual machines to manage traffic would have been an advantageous addition to 
the system disclosed by Hawkinson since they provide greater isolation between 
networks (Hawkinson, Col 11, Lines 34-36), can be configured to have nearly any 
functionality supported by the network connection device on which they operate 
(Hawkinson, Col 11, Lines 7-9), and a single network connection device can perform 
traffic management for multiple networks using a plurality of independent virtual 
machines. 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to use virtual machines on the network connection device 
to manage network traffic, since they may be configured for specialized operations and 
can operate independently of each other, providing network isolation, even when 
running on a single network connection device. 

5. With regard to claim 55, Hawkinson further discloses that step (e) comprises 
comparing a first section of the first data packet to the first criterion to determine that the 
first data packet belongs to the first traffic flow and step (f) comprises comparing a 
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second section of the first data packet to the second criterion to determine the traffic 
flow class to which the first traffic flow belongs, wherein the second section may include 
at least part of the first section (data unit headers are inspected to determine flow/class 
of data unit)(Col 4, Lines 34-36). 

6. With regard to claim 56, Hawkinson further discloses receiving supplemental 
data pertaining to the first traffic flow, wherein the supplemental data is received outside 
of the first traffic flow and step (f) further comprises comparing the supplemental data to 
the second criterion to determine the class to which the first traffic flow belongs (desired 
QOS is used to generate a flow classification for an unclassified flow) (Col 5, Lines 41- 
46). 

7. With regard to claim 72, Hawkinson further discloses that the first and second 
instructions pertain to any one of routing, switching, or bridging the network traffic (Col 
5, Lines 28-46). 

8. With regard to claim 73, Hawkinson further discloses that the first traffic flow 
originated at a network device (packets are received) (Col 4, Line 66 to Col 5, Line 1 ) 
and the method further comprises the step of communicating information regarding the 
first data packet to the network device (TCP packets are supported and TCP packets 
are acknowledged) (Col 14, Lines 28-49). 
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9. With regard to claim 74, Hawkinson further discloses that at least one of the first 
and second criteria and the first and second instructions are provided by a network 
administrator (Col 14, Lines 29-33). 

10. Claims 77,79,80 and 96-98 are rejected under the same rationale as claims 
53,55,56 and 72-74, since they recite substantially identical subject matter. 

11. With regard to claims 101 and 102, Salkewicz further discloses indicating which 
operations from the instruction set of the virtual machine are to be used in carrying out 
the first and second instructions (programs executed by the virtual machine to 
implement its policies necessarily indicate which instructions to use)(Col 11, Lines 2-9, 
28-30, 37-42). 

12. With regard to claims 103 and 104, Hawkinson discloses a method of managing 
network traffic being routed through a network connection device, the network 
connection device having a first set of operations, the network traffic being composed of 
at least one data packet, and the method comprising: 

(b) receiving a rule program at the network connection device (table set)(Col 13, 
Lines 60-65), the rule program including at least: 

(i) a first criterion for identifying the traffic flow to which a data packet 

belongs (Col 4, Lines 34-36), 
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(ii) a second criterion for classifying a traffic flow as belonging to one of at 
least first (level 1 ) and second traffic flow (level 2) classes (flow class is 
determined) (Col 4, Lines 36-37 and Col 5, Lines 28-30), 

(iii) first and second instructions for processing a data packet, the first and 
second instructions being associated with the first and second flow 
classes respectively (each flow class receives different Qos) (Col 5, Lines 
38-39), 

(d) receiving a first data packet that belongs to the first traffic flow at the network 
connection device (Col 5, Lines 28-30), 

(e) using the first criterion to determine that the first data packet belongs to the 
first traffic flow (Col 5, Lines 28-30), 

(f) using the second criterion to determine the traffic flow class to which the first 
traffic flow belongs (Col 5, Lines 28-30, and 

(g) processing the first data packet according to the instructions associated with 
the flow class to which the first traffic flow belongs (Col 5, Lines 30-41 ). 

Hawkinson fails to specifically disclose instantiating a virtual machine on the 
network connection device, executing the rule program containing a list of a second set 
of operations to configure the network connection device, and managing steps (d) 
through (g) using the virtual machine using only the operations in the second set of 
operations. 

Salkewicz discloses a similar system for managing network traffic using a 
network connection device. Salkewicz teaches instantiating virtual machines on the 
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network connection device (Col 1 1 , Lines 7-9), executing a program on the virtual 
machine to configure the network connection device (Col 1 1 , Lines 2-7, 22-30, and 37- 
42), and managing traffic with the virtual machine (Col 11, Lines 22-26) using only 
instructions specified in the program (the virtual machine behaves according to its 
configured functionality and will not execute unsupported instructions, i.e. bridge, 
switch, router, etc). Using virtual machines to manage traffic would have been an 
advantageous addition to the system disclosed by Hawkinson since they provide 
greater isolation between networks (Hawkinson, Col 1 1, Lines 34-36), can be 
configured to have nearly any functionality supported by the network connection device 
on which they operate (Hawkinson, Col 1 1 , Lines 7-9), and a single network connection 
device can perform traffic management for multiple networks using a plurality of 
independent virtual machines. 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to use virtual machines on the network connection device 
to manage network traffic, since they may be configured for specialized operations and 
can operate independently of each other, providing network isolation, even when 
running on a single network connection device. 

13. Claims 57-71 and 81-95 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Hawkinson (US 6,295, 532) in view of Salkewicz (US 6,609,153) in 
further view of Official Notice. 
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14. With regard to claims 57, and 59-71 , while Hawkinson and Salkewicz show 
substantial features of the claimed invention (discussed above), including that classes 
are defined using any number of various parameters (Col 10, Lines 25-34), it fails to 
specifically disclose that the supplemental data comprises data concerning access 
requirements, access rights, traffic conditions, data from a device registry, a work group 
identifier, or physical characteristics of the network device. 

The Examiner takes Official Notice that the use of supplemental data to 
identify the flow of a data packet was old and well known in the art at the time the 
invention was made and would have merely been a matter of personal preference of the 
system administrator, depending on the parameters they wished to use to classify flows. 
Hawkinson discloses that any parameters could be used to define classes, and it would 
have been advantageous to use the parameters desired by the system designer to 
classify flows based on the system requirements. 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to use any known parameters to classify the flows in order 
to control the QoS provided to flows based on those parameters. 

1 5. Claims 81 and 83-95 are rejected under the same rationale as claims 59-71 , 
since they recite substantially identical limitations. 

16. With regard to claims 58 and 82, Hawkinson further discloses that the first and 
second instruction specify respective first and second bandwidth allocations (allocated 
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bandwidth depends on flow class) (Col 19/20, Lines 27-28). 



Conclusion 



17. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aaron Strange whose telephone number is 571-272- 
3959. The examiner can normally be reached on M-F 8:30-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Glen Burgess can be reached on 571-272-3949. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



AS 

3/24/2006 




